IT Security News Blast 8-10-2017

Over the past few weeks, there has been a noticeable glut of high-profile malicious activity aimed at financial institutions. Both traditional banking and cryptocurrency trading platforms have been successfully targeted in these campaigns. Attackers continue to use a variety of tactics both old and new. […] Generally speaking, I would expect attacks on financial institutions to continue to grow as users become more interconnected, online banking continues to expand, and cryptocurrencies gain increased adoption and use from companies and customers alike.

Advisory firms should more closely adhere to their stated cybersecurity policies, keep current on security patches and correct all vulnerabilities detected, the SEC noted. These observations stem from examinations of 75 firms, including broker-dealers, investment advisers and funds conducted from September 2015 through June 2016. Firms also need to improve how they maintain response plans for addressing data breaches and letting clients know about material events. Less than two-thirds of advisors have implemented these plans, InvestmentNews reports, citing the alert.

Interoperability has a downside: the many interconnected hospitals and affiliated centers, which could include nursing homes, make a large-scale attack more plausible. Hospitals also use 10 to 15 medical devices per bed, the newspaper reported. “Cyberattacks are very scalable. You can go from one hospital to 500 hospitals with much less effort than it takes to attack 500 hospitals physically,” said Dameff. “You can see that these risks, they explode.”

The 2017 HIMSS Cybersecurity Survey provides insight into what healthcare organizations are doing to protect their information and assets, in light of increasing cyber-attacks and compromises affecting the healthcare sector. The 2017 report focuses on the responses from 126 IT leaders who report having some responsibility for information security in a U.S.-based healthcare provider organization, such as a hospital or long-term care facility.

State and local governments are struggling to deal with a number of cybersecurity threats. Tight budgets, lack of talent in the workforce and the constantly evolving nature of threats are a few reasons why the challenge is mounting. But cybersecurity cannot go neglected. State and local agencies store massive amounts of sensitive constituent data such as Social Security numbers, health care records and driver license numbers. And without a secure infrastructure, the public transportation systems, electric grids and water plants powering our nation’s cities remain vulnerable.

CRE firms are attractive targets because of their access to both data and money. Data—such as personal information, blueprints, building technology and financial information—can be sold or used for future exploits. Money can be skimmed from tenant and vendor accounts or credit cards and extorted directly thanks to ransomware. Last year, for example, an Austrian hotel paid a hefty ransom after its computers were hacked; and just this month, property management firm BNP Paribas Real Estate reported a ransomware attack that took down most of its global systems.

#FireMcMaster became a top trending hashtag on their global list last week. As the New York Times reported Friday, the #FireMcMaster hashtag was tweeted more than 50,000 times in the previous 48 hours. “Echoing the drumbeat were social media organs tied to the Russian government,” the Times said. The dashboard also shows that each day the Russian-led effort delivered some 20,000 to 25,000 tweets. “Here’s what #Putin wants Americans talking about,” tweeted former FBI agent Clint Watts, one of the cyber warfare experts behind the project.

An unknown hacking group has been targeting organizations in North Korea with the Konni malware, a remote access Trojan (RAT) with the features any effective backdoor might have, such as host profiling and remote access control. In 2017 alone, security experts have already identified three different campaigns against North Korean companies using this malware. Talos Intelligence, Cisco’s threat intelligence group, first identified the campaign in which Konni malware was used. This campaign was launched against North Korea on July 6th, just a few days after the missile test.

Leaked exploits and hacking tools enable the surge of cyber attacks in 2017

The most notable of the stolen NSA tools was EternalBlue, an exploit for the Server Message Block (SMB) vulnerability (CVE-2017-0144) that was leveraged, along with other leaked exploits, into May’s outbreak of WannaCry and June’s outbreak of NotPetya. While WannaCry was a true ransomware in that some victims reported they were able to decrypt their files by paying the ransom, the version of NotPetya using leaked NSA exploits acted more as a Shamoon-like data wiper than actual ransomware. The ransom messages that infected victims experienced were a ruse, researchers discovered, as the attackers had no way to actually decrypt victims’ files.
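The SMB vulnerability named above (CVE-2017-0144, patched by MS17-010) lives in the SMBv1 protocol, so the practical check on a Windows host is whether SMBv1 is still enabled. The following PowerShell is an added example, not code from the article or from any of the vendors it mentions; it assumes Windows 8 / Server 2012 or later with the SmbShare and DISM modules, an elevated prompt, and a hypothetical `-Remediate` switch that the operator passes to actually turn the protocol off.

```powershell
# Added example (not from the article): audit and optionally disable SMBv1,
# the protocol in which CVE-2017-0144 (MS17-010 / EternalBlue) is exploited.
# Assumes Windows 8 / Server 2012 or later, run from an elevated prompt.
param([switch]$Remediate)   # hypothetical switch: audit only unless set

# Server-side SMBv1 setting; this is the listener EternalBlue targets on 445/tcp.
$server = Get-SmbServerConfiguration
Write-Host "SMBv1 server protocol enabled: $($server.EnableSMB1Protocol)"

# The optional Windows feature that ships the SMBv1 stack (client and server).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Write-Host "SMB1Protocol feature state: $($feature.State)"

if ($server.EnableSMB1Protocol -or $feature.State -eq 'Enabled') {
    Write-Warning "SMBv1 is still present on this host."
    if ($Remediate) {
        # Turn off the server-side protocol immediately, then remove the feature.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
        Write-Host "SMBv1 disabled; reboot to fully unload the driver."
    }
} else {
    Write-Host "SMBv1 is disabled and the feature is not installed."
}
```

Disabling the protocol is not a substitute for the patch: the MS17-010 hotfix number differs per OS build, so confirm the right KB for each build is installed as well, and expect legacy devices (older printers, NAS appliances) that still speak only SMBv1 to break when it is removed.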

“I don’t really think the government is benefiting that much from the illegal malware-for-sale market,” he said. “With the FBI, for example, investigating the criminal part of it while NSA is doing the offensive part, there’s enough compartmentalization there to avoid a conflict.” Distinctions are also made around intent. The malware allegedly sold by Hutchins was a Trojan virus to collect and exploit banking information. According to a cyber contractor who tests malware for the government and develops and tests security tools, the kind of profit-driven malware often peddled on the black and grey markets typically isn’t useful for the kind of offensive cyber operations carried out by national security and surveillance agencies.

The talk was to reveal MEATPISTOL, a modular malware framework for implant creation, infrastructure automation, and shell interaction, aimed at reducing the time and energy spent on reconfiguration and rewriting malware. The tool — an anagram of a similar tool, Metasploit — doesn’t launch attacks or exploit systems, but it allows red teamers to control the system once access has been granted. MEATPISTOL was pitched as taking “the boring work” out of pen-testing to make red teams, including at Salesforce, more efficient and effective.

When Cb Response doesn’t know a file, it uploads it to a multiscanner for checking. […] “Access to these tools includes access to the files submitted to the multiscanner corpus (it’s hard to analyze malware that you don’t have). This means that files uploaded by Cb Response customers first go to Carbon Black (or their local Carbon Black server instance), but then are immediately forwarded to a cloud-based multiscanner, where they are dutifully spread to anyone that wants them and is willing to pay.

“In Cb Response, there is an optional, customer-controlled configuration (disabled by default) that allows the uploading of binaries (executables) to VirusTotal for additional threat analysis. This option can be enabled by a customer, on a per-sensor group basis. When enabled, executable files will be uploaded to VirusTotal, a public repository and scanning service owned by Google.”

According to court documents, the FBI managed to catch the suspect in June 2017 after it created and deployed a custom NIT (Network Investigative Technique) that relied on appending de-anonymizing code inside a video file. FBI agents hosted the file on a Dropbox account shared by the sextortionist and one of his victims, and when the suspect downloaded and opened the file, the code within called back to FBI servers, exposing the alleged crook’s real IP address.

This case, Carpenter v. United States, asks a simple question: is it OK for police to seize and search 127 days of cell-site location information (CSLI) without a warrant? […] The Supreme Court has also recently shown more deference to digital privacy in the Riley v. California (2014) case: there, the nine justices unanimously agreed that, during an arrest, police could not search a mobile phone without a warrant. Justice Sotomayor alluded to what is often referred to in legal academic circles as the “mosaic theory,” the notion that the sum total of data gathered is often more revelatory than the discrete data collection. As such, some privacy activists argue, potentially revelatory data—like CSLI—should require a warrant.

In a legal filing this week, the Electronic Frontier Foundation (EFF) argues that customs officers should be required to get warrants before searching people’s mobile phones (and iPads, laptops etc) in the same way they are typically required to do in the rest of the country. “Our cell phones and laptops provide access to an unprecedented amount of detailed, private information, often going back many months or years, from emails to our coworkers to photos of our loved ones and lists of our closest contacts,” notes EFF attorney Sophia Cope.

NIST published a framework for the future cybersecurity workforce this week, Special Publication 800-181, the culmination of years of effort under the National Initiative for Cybersecurity Education (NICE). The framework defines “a common, consistent lexicon to describe cybersecurity work by category, specialty area, and work role,” and details the necessary knowledge, skills and abilities (KSAs) and tasks performed by individuals in each kind of job. The framework defines cyber operations jobs in seven operational categories and 32 job specialties.

The Women in Cyber Group held a panel to discuss how female professionals are helping solve cyber-related problems. “The more you see women succeed in a field, the more you will see women come into the field. And we saw that in the Signal Corps in the Army. When I came in, we were a small fraction, but today, we are like 40%,” UNISYS Group VP of Defense and Intelligence Jennifer Napper said. […] Napper says plenty of organizations are giving away scholarships to young women who might be interested.

When it comes to cybersecurity, companies need force fields, not walls

Cybersecurity is no longer a matter of protecting against mere nuisance. Over the past 15 years, the digital threats to our physical lives have become graver, and the perpetrators of them more capable than most people realize. As the financial rewards for breaching institutions grew, amateur hackers gave way to professionalized cyberterrorists. Nation-states are putting young people through school and then aiming them at other countries. And as we saw with the Sony Pictures hack of 2014, nation-states are even directing attacks against specific companies.

The researchers in this study showed that with a combination of tools, they could remotely gain access to a cellphone’s computer chip and modify the Wi-Fi chipset code to transmit radio jamming signals. The signals can block other targeted devices or applications from sending or receiving data. Researchers carried out this project as a way of anticipating a potential cyberattack. “You want to understand what is possible so you can defend against these kinds of things,” Noubir said. “You have to also ask yourself, ‘what could someone do?’”

Depending on a hacker’s goals, these opportunities can be used for both espionage (downloading existing configuration files to discover manufacturing secrets) and sabotage. Researchers have demonstrated a crafty attack on a robot that was supposed to draw straight lines (in real-life applications, it could perform electric-welding). Hacked, the robot slightly shifted its manipulator by just a fraction of a millimeter, an error that was imperceptible to the naked eye but would render the resulting product defective.

About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.